typo3 extbase typo3-10.x

Strange TYPO3 extension requests which result in "is not allowed by plugin" errors


We maintain a lot of TYPO3 projects, and in some of these we sometimes get strange log entries where controllers or actions of an extension are requested which, for sure, don't exist.

For example, some log entries:

The controller "(SELECT (CASE WHEN (2302=2302) THEN 2302 ELSE 2302*(SELECT 2302 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))" is not allowed by plugin "List". Please check for TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php
The controller "Shop') AND 3375=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(120)||CHR(118)||CHR(113)||(SELECT (CASE WHEN (3375=3375) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(118)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND ('CnON'='CnON" is not allowed by plugin "List". Please check for TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php
The action "listFilter UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL#" (controller "...") is not allowed by this plugin / module. Please check TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php / TYPO3\CMS\Extbase\Utility\ExtensionUtility::configureModule() in your ext_tables.php

Are these requests from bots and can we prevent this somehow, or can we simply ignore the entries?


Solution

  • These are requests from bots that try to inject SQL into TYPO3. You can ignore them, as long as you are confident that your installation is up to date and your extensions are well maintained.
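
A triage sketch for the log entries discussed above (an added example, not part of the original question or answer and not TYPO3 code): it separates SQL injection probes from rejected names that look like genuine identifiers and may point to a stale link or a plugin misconfiguration. The identifier rule, the token list and the function names are assumptions; the first two sample lines are abridged from the entries quoted in the question, the others are constructed.

```python
import re
from collections import Counter

# Matches the two Extbase message shapes quoted in the question.
ENTRY = re.compile(
    r'The (controller|action) "(.*?)"(?: \(controller ".*?"\))? is not allowed by')
# Assumption: a legitimate controller/action name is a plain identifier
# (letters, digits, underscore, backslash for sub-namespaces).
IDENTIFIER = re.compile(r'[A-Za-z][A-Za-z0-9_\\]*\Z')
# Assumption: tokens taken from the quoted entries that mark SQL injection probing.
SQLI = re.compile(
    r'\b(?:select|union|case\s+when|information_schema|from\s+dual|chr\()', re.I)

def classify(line):
    """Return (kind, requested_name, verdict), or None for unrelated lines."""
    m = ENTRY.search(line)
    if not m:
        return None
    kind, name = m.groups()
    if IDENTIFIER.match(name):
        verdict = "review"      # plausible name: stale link or plugin misconfiguration
    elif SQLI.search(name):
        verdict = "sqli-probe"  # scanner noise of the kind quoted above
    else:
        verdict = "malformed"   # not an identifier, no known SQL token
    return kind, name, verdict

def summarize(lines):
    """Count verdicts over an iterable of log lines."""
    return Counter(r[2] for r in map(classify, lines) if r)

SAMPLE = [
    # Abridged from the question's log entries.
    r'The controller "(SELECT (CASE WHEN (2302=2302) THEN 2302 ELSE 2302*(SELECT 2302 '
    r'FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))" is not allowed by plugin "List".',
    r'The action "listFilter UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL#" '
    r'(controller "...") is not allowed by this plugin / module.',
    # Constructed lines.
    'The action "selectItem" (controller "Shop") is not allowed by this plugin / module.',
    'The controller "Shop\'" is not allowed by plugin "List".',
    'Some unrelated log line',
]

if __name__ == "__main__":
    for verdict, count in summarize(SAMPLE).most_common():
        print(f"{verdict:12} {count}")
```

Entries with the `review` verdict are the ones worth checking against the plugin's `configurePlugin()` registration; the other two verdicts are the bot traffic the answer describes.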